The present invention relates to computer security.
Computer systems can include a plurality of computing devices joined together in a network communication system that connects a plurality of users. A packet is the fundamental unit of transfer in a packet-switched communication system. A user can be an individual user terminal or another network.
The network can be an intranet, that is, a private network such as a local area network (“LAN”) connecting one or more private servers. Alternatively, the network can be a public network, such as the Internet, in which data packets are passed over untrusted communication links. The network configuration can include a combination of public and private networks. For example, two or more LANs can be coupled together, and to individual terminals, using a public network such as the Internet. When public and private networks are linked, data security issues arise. More specifically, conventional packet-switched communication systems that include links between public and private networks typically include security measures for assuring data integrity.
To ensure security of communications, network designers have either incorporated security devices, such as firewalls, intrusion prevention devices, and traffic management devices, into the computer system or have enhanced network components such as routers to provide security functions. In addition to security concerns for the data transferred over the public portion of the communications system, the private portions of the network must safeguard against intrusions through one or more gateways provided at an interface between the private and the public networks. For example, a firewall is a device that can be coupled in-line between a public network and private network for screening packets received from the public network. A firewall can include one or more engines for inspecting, filtering, authenticating, encrypting, decrypting and otherwise manipulating received packets. In a conventional firewall, received packets are inspected and thereafter forwarded or dropped in accordance with the security policies associated with a given domain.
Security systems are often employed to protect a computer system from, for example, various outside attacks. Conventional computer systems can have events occur that cause the computer system to be more vulnerable to an attack for a period of time than it is at other times. A period of time in which a computer system is more vulnerable can be referred to as a critical period. A critical period can be, for example, a period of time during which permanent changes are being made to the computer system. Typically, a period of time during which computer firmware is being installed is a critical period.
Certain operations or attacks that would cause no harm outside of a critical period can damage a typical computer system if they occur during one. For example, a computer reboot typically will not damage a computer system; however, if the reboot occurs while computer firmware is being installed (i.e., during a critical period), the firmware write is interrupted and left incomplete, and the computer system can be damaged. In another example, a computer system typically tolerates network scans searching for vulnerabilities without harm, but can be vulnerable to the same scans during a critical period.
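The following Python model is an added illustration of the two ideas above (a firewall that forwards or drops packets according to a policy, and a critical period during which the policy tightens and disruptive operations are deferred); it is not code from the specification or from any product it describes. The `CriticalPeriodGuard` class, the `demo` function, the port sets and the source addresses are all hypothetical, and the firmware "flash" is a constructed in-memory buffer. A reboot requested while the image is being written is held until the write completes, the set of admitted ports shrinks to an administrative port for the duration, and a source that probes several distinct ports during the window is treated as a scanner and blocked.

```python
import hashlib
from contextlib import contextmanager
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set


class Action(Enum):
    FORWARD = "forward"
    DROP = "drop"


@dataclass(frozen=True)
class Packet:
    src: str        # source address of the received packet
    dst_port: int   # destination port on the protected host


class CriticalPeriodGuard:
    """Hypothetical guard that tracks whether the host is in a critical
    period and adjusts both packet screening and operation handling."""

    def __init__(self, normal_ports: Set[int], critical_ports: Set[int],
                 scan_threshold: int = 3):
        self.normal_ports = set(normal_ports)      # policy outside a critical period
        self.critical_ports = set(critical_ports)  # tightened policy inside one
        self.scan_threshold = scan_threshold       # distinct ports before a source is blocked
        self.in_critical = False
        self.deferred: List[str] = []              # disruptive ops held until the period ends
        self.events: List[str] = []                # audit trail of what the guard did
        self._touched: Dict[str, Set[int]] = {}    # distinct ports probed per source
        self._blocked: Set[str] = set()

    @contextmanager
    def critical(self, reason: str):
        """Mark a critical period; on exit, run whatever was deferred."""
        self.in_critical = True
        self.events.append(f"enter critical: {reason}")
        try:
            yield
        finally:
            self.in_critical = False
            self.events.append(f"leave critical: {reason}")
            self._touched.clear()
            for op in self.deferred:
                self.events.append(f"run deferred: {op}")
            self.deferred.clear()

    def request(self, op: str) -> str:
        """Disruptive operations (e.g. reboot) are deferred during a critical period."""
        if self.in_critical:
            self.deferred.append(op)
            return "deferred"
        self.events.append(f"run: {op}")
        return "executed"

    def screen(self, pkt: Packet) -> Action:
        """Firewall decision: forward or drop according to the active policy."""
        if self.in_critical:
            if pkt.src in self._blocked:
                return Action.DROP
            touched = self._touched.setdefault(pkt.src, set())
            touched.add(pkt.dst_port)
            if len(touched) >= self.scan_threshold:  # port sweep during the window
                self._blocked.add(pkt.src)
                return Action.DROP
            allowed = self.critical_ports
        else:
            allowed = self.normal_ports
        return Action.FORWARD if pkt.dst_port in allowed else Action.DROP


def demo(image: bytes = b"FW-v2.1!") -> dict:
    """Write a constructed firmware image into an in-memory flash buffer under
    the guard and record how the guard treats a reboot and inbound packets."""
    flash = bytearray(len(image))
    guard = CriticalPeriodGuard(normal_ports={22, 80, 443}, critical_ports={22})
    results = {}
    # Outside the critical period a reboot runs at once and HTTP is admitted.
    results["reboot_normal"] = guard.request("reboot")
    results["http_normal"] = guard.screen(Packet("203.0.113.5", 80))
    with guard.critical("firmware install"):
        for off in range(0, len(image), 4):
            flash[off:off + 4] = image[off:off + 4]
            if off == 0:
                # Only the first chunk is written when a reboot request arrives.
                results["reboot_critical"] = guard.request("reboot")
                # The same HTTP packet is now dropped; only port 22 is admitted.
                results["http_critical"] = guard.screen(Packet("203.0.113.5", 80))
                # A sweep of several ports from one source gets that source blocked,
                # even on a port the tightened policy would otherwise admit.
                results["scan_critical"] = [
                    guard.screen(Packet("198.51.100.9", p)) for p in (21, 22, 23, 22)
                ]
    results["flash_ok"] = bytes(flash) == image   # image landed intact
    results["flash_sha256"] = hashlib.sha256(bytes(flash)).hexdigest()
    results["events"] = guard.events
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The deferral happens in the context manager's `finally` clause, so the held reboot runs after the last chunk is written even if the install raises; a real implementation would persist the critical-period flag so that a power loss, which the guard cannot defer, can at least be recognised on the next boot.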